FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Re: Adding a record to a database [message #175102 is a reply to message #175100] Mon, 15 August 2011 12:46
Jerry Stuckle
On 8/15/2011 8:35 AM, Charles wrote:
> I'm trying to add a record to a database, and it's not working
> properly.
>
> The general thought is to call a data entry form, fill in the form,
> and use the $_POST(array) process to pass the data from the form to a
> php script that handles adding the record to the database.
>
> The only trick part of the php script is using a hidden field to pass
> the name of the data entry form to a SWITCH statement. I'm trying to
> keep the site directory uncluttered and the scripting organized, and I
> understand this works.
>

It is also very insecure and can leave your site wide open to hackers.

> I'm getting Error 500 as I test the script, so I think I have
> something coded incorrectly in the script, or I have something
> missing. Other php-based web applications work fine, so I suspect I
> have php correctly installed.
>

Enable errors and display them. In your php.ini file for your test
system you should have:

error_reporting=E_ALL ; or E_ALL | E_NOTICE
display_errors=on

> Here's the coding:
>
> =====================
>
> <?php
>
> /*<!-- This starts the switch statement. The variable passed to
> control iteration
> is the $_Push(switch) variable set in the first (hidden) field in a
> data entry form.
> The value contained in the variable is the case predicate
>
> */
>
>
> switch ($_Push(switch)) {
>

Where is $_Push(switch) coming from? And BTW it should be 'switch'.

What is in the $_Push array? I suspect it's empty.

> /*======================================================*/
>
> case "cab_vehicle_data_entry_add_a_vehicle":
>
>
>
> $con = mysql_connect("*********","****","******");<<These are fine
> if (!$con)
> {
> die('Could not connect: ' . mysql_error());

Bad practice. Handle the error - don't terminate the script with an
error message.

> }
>
> mysql_select_db("taxicab", $con);
>
> $sql="INSERT INTO
> cab_vehicle (cab_vehicle_make, cab_vehicle_model,
> cab_vehicle_edition,
> cab_vehicle_month, cab_vehicle_year, cab_vehicle_VIN,
> cab_vehicle_registration_number,
> cab_vehicle_reg_exp_month, cab_vehicle_reg_exp_year,
> cab_vehicle_pax_capacity,
> cab_vehicle_cubic_feet_cargo, cab_vehicle_cargo_weight)
>
> VALUES
>
>
> ('$_POST[Make]','$_POST[Model]','$_POST[Edition]','$_POST[Month]','$_POST[year]',
> '$_POST[VIN]','$_POST[Registration]','$_POST[reg_exp_month]','$_POST[reg_exp_year]',
> '$_POST[pax_capacity]','$_POST[cargo_cubic_feet]','$_POST[cargo_weight_lbs]') ";
>

Google for 'SQL Injection'. Then see how a hacker could easily wipe out
your database.

> if (!mysql_query($sql,$con))
> {
> die('Error: ' . mysql_error());

Same comment as before.

> }
> echo "1 record added";
>
> mysql_close($con)
>
> break;
>
> /*======================================================*/
>
> /* case "whatever"
> Next process subroutine
> break;
> */
>
> /*======================================================*/
>
> /* case "whatever"
> Next process subroutine
> break;
> */
>
> /*======================================================*/
>
> /* case "whatever"
> Next process subroutine
> break;
> */
>
> /*======================================================*/
>
> /* case "whatever"
> Next process subroutine
> break;
> */
>
> /*======================================================*/
>
> /* case "whatever"
> Next process subroutine
> break;
> */
>
> /*======================================================*/
>
> /* case "whatever"
> Next process subroutine
> break;
> */
>
> /*======================================================*/
>
> /* case "whatever"
> Next process subroutine
> break;
> */
>
> /*======================================================*/
>
> /* case "whatever"
> Next process subroutine
> break;
> */
>
>
> }
>
>
> ?>


So find your problem - then straighten out your code per the other
comments I made above.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
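
The points raised in the reply above (SQL injection through the interpolated $_POST values, a hidden field deciding what the script does, and die() on errors), shown as an added example that is not code from the thread or its authors. It assumes PHP with the pdo_sqlite extension and uses an in-memory SQLite table in place of the MySQL `taxicab` database; the function name `add_vehicle`, the `COLUMNS` map, the four-column subset and the sample input are constructed for illustration.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite table stands
// in for the MySQL database so the script runs offline.
const COLUMNS = [   // form field => column, names taken from the posted INSERT
    'Make' => 'cab_vehicle_make', 'Model' => 'cab_vehicle_model',
    'Edition' => 'cab_vehicle_edition', 'VIN' => 'cab_vehicle_VIN',
];

function add_vehicle(PDO $db, array $post): bool
{
    // The hidden field may only select a handler the server already knows.
    if (($post['switch'] ?? '') !== 'cab_vehicle_data_entry_add_a_vehicle') {
        return false;
    }
    $values = [];
    foreach (COLUMNS as $field => $column) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return false;            // missing or array-valued field
        }
        $values[] = $post[$field];
    }
    // Placeholders keep user data out of the SQL text entirely.
    $sql = 'INSERT INTO cab_vehicle (' . implode(', ', COLUMNS) . ') VALUES ('
         . implode(', ', array_fill(0, count(COLUMNS), '?')) . ')';
    try {
        return $db->prepare($sql)->execute($values);
    } catch (PDOException $e) {
        // Log the detail server-side; the caller shows a generic message.
        error_log('cab_vehicle insert failed: ' . $e->getMessage());
        return false;
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cab_vehicle (' . implode(' TEXT, ', COLUMNS) . ' TEXT)');

// Constructed input: values containing quotes and SQL comment syntax.
$post = [
    'switch' => 'cab_vehicle_data_entry_add_a_vehicle',
    'Make' => "O'Brien Motors", 'Model' => "Crown Vic'); --",
    'Edition' => 'LX', 'VIN' => 'TESTVIN0000000001',
];
var_dump(add_vehicle($db, $post));
echo $db->query('SELECT COUNT(*) FROM cab_vehicle')->fetchColumn(), " row(s)\n";
echo $db->query('SELECT cab_vehicle_model FROM cab_vehicle')->fetchColumn(), "\n";
```

The quoted values are stored verbatim as data, and a request whose `switch` value is not the known form name is rejected before any SQL is built.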